Differences

This shows you the differences between two versions of the page.

--- cn:ccr:cloud:infn_cc:project_networking [2019/07/09 07:31] – stalio@infn.it
+++ cn:ccr:cloud:infn_cc:project_networking [2019/07/09 07:51] (current) – stalio@infn.it
@@ Line 1: / Line 1: @@
+====== Setup delle reti di progetto ======
+La gestione delle reti interne al progetto è demandata agli utenti del middleware cloud.
+Perché le VM associate ad un progetto possano collegarsi in rete sono necessarie le seguenti operazioni propedeutiche:
+  * creare una rete interna
+  * creare una subnet ed associarla alla rete interna
+  * creare un router da collegare alla rete interna ed alla rete pubblica
+Queste operazioni possono essere eseguite attraverso la dashboard, ma può essere utile usare questo script per rendere l'operazione più semplice e veloce.
+<code>
+#!/bin/bash
+REGION=$OS_REGION_NAME
+DOMAIN=$OS_USER_DOMAIN_NAME
+PROJECT=$OS_PROJECT_NAME
+while getopts "p:d:r:h" opt; do
+    case "$opt" in
+    p)  PROJECT=$OPTARG
+        OS_PROJECT_NAME=$PROJECT
+        ;;
+    d)  DOMAIN=$OPTARG
+        OS_USER_DOMAIN_NAME=$DOMAIN
+        ;;
+    r)  REGION=$OPTARG
+        OS_REGION_NAME=$REGION
+        ;;
+    h)  echo "This script is intended for easing the setup of a basic network environment for OpenStack projects."
+        echo "Enter the dashboard, on the top right corner click on you username and download the \"OpenStack RC file V3\"."
+        echo "Execute the downloaded file in a terminal - you will be prompted for you password -, and execute this script."
+        echo "Make sure you close the terminal immediately after finishing in order to avoid you password being kept in memory."
+        echo "Project, region and domain names can be overridden with -p, -r and -d."
+  	exit 1
+        ;;
+    esac
+done
+#if [[ -z "$PROJECT" ]] || [[ -z "$DOMAIN" ]]
+#then
+#  echo "Project and domain name must be set with -p and -d"
+#  exit 1
+#fi
+# The names of the new network, subnet and router are obtained from the project name
+NETWORK=$PROJECT-net
+SUBNET=$PROJECT-subnet
+ROUTER=$PROJECT-router
+echo ""
+# Get the public net id of the selected region
+PUBLIC_NET_ID=`openstack network show public -f value -c id`
+if [[ -z "$PUBLIC_NET_ID" ]]
+then
+  echo ""
+  echo "Could not obtain public network id"
+  echo "Make sure you have all the necessary variables correctly set before retrying"
+  echo ""
+  exit 1
+fi
+# Verify that the project exists
+PROJECT_ID=`openstack project show $PROJECT -f value -c id`
+if [[ -z "$PROJECT_ID" ]]
+then
+  echo ""
+#  echo "Could not find project $PROJECT in domain $DOMAIN"
+  echo "Make sure you have all the necessary variables correctly set before retrying"
+  echo ""
+  exit 1
+fi
+# Generate a random network address (192.168.xxx.0/24). Avoid 192.168.0.0/24, 192.168.1.0/24 and some more because they may conflict when doing VPN from home networks
+FLOOR=10
+RANGE=250
+NUMBER=0
+while [ "$NUMBER" -le "$FLOOR" ]
+do
+  NUMBER=$RANDOM
+  let "NUMBER %= $RANGE"  # Scales $number down within $RANGE.
+done
+GATEWAY=192.168.$NUMBER.1
+NET=192.168.$NUMBER
+CIDR=192.168.$NUMBER.0/24
+NETWORK_ID=`openstack network show $NETWORK -f value -c id 2>/dev/null`
+echo ""
+echo "Will try to create network \"$NETWORK\" for project \"$PROJECT\" in domain \"$DOMAIN\" and region \"$REGION\"."
+echo "The associate subnet will use the following class C network: $CIDR."
+echo ""
+read -r -p "Are you sure? [Y/n]" response
+ response=${response,,} # tolower
+ if [[ $response =~ ^(yes|y| ) ]] || [[ -z $response ]]; then
+   /bin/true
+ else
+   echo "Exiting"
+   echo ""
+   exit
+ fi
+if [ $? -eq 0 ]
+then
+  echo "Network $NETWORK ($NETWORK_ID) exists already"
+else
+  echo "Creating network $NETWORK"
+# Create a new private network for the project
+  NETWORK_ID=`openstack network create \
+    -f value -c id \
+    --project $PROJECT \
+    --project-domain $DOMAIN \
+    --description "Private network for the $PROJECT project" \
+    --enable \
+    --enable-port-security \
+    --internal \
+    --provider-network-type vxlan \
+    --no-share \
+    $NETWORK`
+  echo "Network $NETWORK ($NETWORK_ID) created"
+fi
+SUBNET_ID=`openstack subnet show $SUBNET -f value -c id 2>/dev/null`
+if [ $? -eq 0 ]
+then
+  echo "Subnet $SUBNET ($SUBNET_ID) exists already"
+else
+  echo "Creating subnet $SUBNET"
+# Create a new subnet for the project
+  SUBNET_ID=`openstack subnet create \
+    -f value -c id \
+    --project $PROJECT \
+    --project-domain $DOMAIN \
+    --description "Subnet for the $PROJECT project" \
+    --network $NETWORK \
+    --dhcp \
+    --ip-version 4 \
+    --gateway $GATEWAY \
+    --allocation-pool start=$NET.10,end=$NET.250 \
+    --subnet-range $CIDR \
+    $SUBNET`
+echo "Subnet $SUBNET ($SUBNET_ID) created"
+fi
+ROUTER_ID=`openstack router show $ROUTER -f value -c id 2>/dev/null`
+if [ $? -eq 0 ]
+then
+  echo "Router $ROUTER ($ROUTER_ID) exists already"
+else
+  echo "Creating router $ROUTER"
+# Create a new router for the project
+  ROUTER_ID=`openstack router create \
+    -f value -c id \
+    --project $PROJECT \
+    --project-domain $DOMAIN \
+    --description "Router for the $PROJECT project" \
+    --enable \
+    $ROUTER`
+  echo "Router $ROUTER ($ROUTER_ID) created"
+# Connect the router to the external network and to the internal subnet
+  openstack router set \
+    --external-gateway $PUBLIC_NET_ID \
+    $ROUTER_ID
+  openstack router add subnet \
+    $ROUTER_ID $SUBNET_ID
+fi
+</code>
+In più è necessario
+  * associare dei floating IP alle VM che devono poter essere accedute dall'esterno
+  * associare dei security group alle VM con floating ip associati